From 65fc0d12acc8ee107ef96c5142a2a7f9c71e7157 Mon Sep 17 00:00:00 2001
From: julien huang
Date: Sun, 19 Nov 2023 13:26:25 +0100
Subject: [PATCH 1/8] feat: allow runtime configuration for headers
---
 playground/nuxt.config.ts | 3 ++-
 playground/server/api/runtime-hooks.ts | 7 ++++++
 playground/server/plugins/headers.ts | 10 ++++++++
 src/module.ts | 13 ++++++++--
 src/runtime/nitro/plugins/00-context.ts | 24 +++++++++++++++++++
 src/runtime/server/middleware/headers.ts | 7 ++++++
 src/{ => runtime/utils}/headers.ts | 4 ++--
 src/types/index.ts | 22 ++++++++++++++++-
 test/fixtures/runtime-hooks/.nuxtrc | 1 +
 test/fixtures/runtime-hooks/app.vue | 5 ++++
 test/fixtures/runtime-hooks/nuxt.config.ts | 21 ++++++++++++++++
 test/fixtures/runtime-hooks/package.json | 5 ++++
 test/fixtures/runtime-hooks/pages/index.vue | 3 +++
 .../runtime-hooks/server/api/runtime-hooks.ts | 7 ++++++
 .../runtime-hooks/server/plugins/headers.ts | 9 +++++++++
 test/runtime-hooks.test.ts | 19 +++++++++++++++++++
 16 files changed, 154 insertions(+), 6 deletions(-)
 create mode 100644 playground/server/api/runtime-hooks.ts
 create mode 100644 playground/server/plugins/headers.ts
 create mode 100644 src/runtime/nitro/plugins/00-context.ts
 create mode 100644 src/runtime/server/middleware/headers.ts
 rename src/{ => runtime/utils}/headers.ts (97%)
 create mode 100644 test/fixtures/runtime-hooks/.nuxtrc
 create mode 100644 test/fixtures/runtime-hooks/app.vue
 create mode 100644 test/fixtures/runtime-hooks/nuxt.config.ts
 create mode 100644 test/fixtures/runtime-hooks/package.json
 create mode 100644 test/fixtures/runtime-hooks/pages/index.vue
 create mode 100644 test/fixtures/runtime-hooks/server/api/runtime-hooks.ts
 create mode 100644 test/fixtures/runtime-hooks/server/plugins/headers.ts
 create mode 100644 test/runtime-hooks.test.ts
diff --git a/playground/nuxt.config.ts b/playground/nuxt.config.ts
index cc722f9c..597c8dd6 100644
--- a/playground/nuxt.config.ts
+++ b/playground/nuxt.config.ts
@@ -24,6 +24,7 @@ export default defineNuxtConfig({
 rateLimiter: {
 tokensPerInterval: 10,
 interval: 10000
- }
+ },
+ runtimeHooks: true
 }
 })
diff --git a/playground/server/api/runtime-hooks.ts b/playground/server/api/runtime-hooks.ts
new file mode 100644
index 00000000..e7d03e25
--- /dev/null
+++ b/playground/server/api/runtime-hooks.ts
@@ -0,0 +1,7 @@
+import { defineEventHandler } from "#imports"
+
+export default defineEventHandler((event) => {
+ return {
+ csp: getResponseHeader(event, 'Content-Security-Policy')
+ }
+})
\ No newline at end of file
diff --git a/playground/server/plugins/headers.ts b/playground/server/plugins/headers.ts
new file mode 100644
index 00000000..fc95b676
--- /dev/null
+++ b/playground/server/plugins/headers.ts
@@ -0,0 +1,10 @@
+
+export default defineNitroPlugin((nitroApp) => {
+ nitroApp.hooks.hook('nuxt-security:ready', () => {
+ nitroApp.hooks.callHook('nuxt-security:headers', '/api/runtime-hooks' ,{
+ contentSecurityPolicy: {
+ "script-src": ["'self'", "'unsafe-inline'"],
+ }
+ })
+ })
+})
\ No newline at end of file
diff --git a/src/module.ts b/src/module.ts
index 28e701a9..756fa94b 100644
--- a/src/module.ts
+++ b/src/module.ts
@@ -1,6 +1,6 @@
 import { fileURLToPath } from 'node:url'
 import { resolve, normalize } from 'pathe'
-import { defineNuxtModule, addServerHandler, installModule, addVitePlugin } from '@nuxt/kit'
+import { defineNuxtModule, addServerHandler, installModule, addVitePlugin, addServerPlugin } from '@nuxt/kit'
 import { defu } from 'defu'
 import type { Nuxt, RuntimeConfig } from '@nuxt/schema'
 import viteRemove from 'unplugin-remove/vite'
@@ -19,7 +19,7 @@ import { defaultSecurityConfig } from './defaultConfig' import { SECURITY_MIDDLEWARE_NAMES } from './middlewares' -import { type HeaderMapper, SECURITY_HEADER_NAMES, getHeaderValueFromOptions } from './headers' +import { type HeaderMapper, SECURITY_HEADER_NAMES, getHeaderValueFromOptions } from './runtime/utils/headers' declare module 'nuxt/schema' { interface NuxtOptions { @@ -134,6 +134,15 @@ export default defineNuxtModule({ }) } + if(nuxt.options.security.runtimeHooks) { + addServerPlugin(resolve(runtimeDir, 'nitro/plugins/00-context')) + addServerHandler({ + handler: normalize( + resolve(runtimeDir, 'server/middleware/headers') + ) + }) + } + const allowedMethodsRestricterConfig = nuxt.options.security .allowedMethodsRestricter if ( diff --git a/src/runtime/nitro/plugins/00-context.ts b/src/runtime/nitro/plugins/00-context.ts new file mode 100644 index 00000000..d822f616 --- /dev/null +++ b/src/runtime/nitro/plugins/00-context.ts @@ -0,0 +1,24 @@ +import { type HeaderMapper, getHeaderValueFromOptions, SECURITY_HEADER_NAMES } from "../../utils/headers" +import { createRouter} from "radix3" +import { defineNitroPlugin } from '#imports' + +export default defineNitroPlugin((nitroApp) => { + const router = createRouter() + + nitroApp.hooks.hook('nuxt-security:headers', (route, headersConfig) => { + const headers: Record = {} + + for (const [header, headerOptions] of Object.entries(headersConfig)) { + headers[SECURITY_HEADER_NAMES[header]] = getHeaderValueFromOptions(header as HeaderMapper, headerOptions as any) + } + + router.insert(route, headers) + }) + + nitroApp.hooks.hook('request', (event) => { + event.context.security = event.context.security || {} + event.context.security.headers = router.lookup(event.path) + }) + + nitroApp.hooks.callHook('nuxt-security:ready') +}) diff --git a/src/runtime/server/middleware/headers.ts b/src/runtime/server/middleware/headers.ts new file mode 100644 index 00000000..f77e8559 --- /dev/null 
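Review bot: The `request` hook added in 00-context.ts passes `event.path` to `router.lookup` unchanged, and in h3 that value still carries the query string, so a request such as `/api/runtime-hooks?x=1` would likely miss a header set registered for `/api/runtime-hooks` and be answered without the runtime-configured headers. Strip the query before matching, e.g. `event.context.security.headers = router.lookup(event.path.split('?')[0])`, and add a test that fetches the fixture route with a query string. It is also worth a comment that radix3's `lookup` returns only the single best match, so a `/**` registration and a more specific one are not merged.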
+++ b/src/runtime/server/middleware/headers.ts @@ -0,0 +1,7 @@ +import { defineEventHandler, setHeaders } from '#imports' + +export default defineEventHandler((event) => { + if(event.context.security.headers) { + setHeaders(event, event.context.security.headers) + } +}) \ No newline at end of file diff --git a/src/headers.ts b/src/runtime/utils/headers.ts similarity index 97% rename from src/headers.ts rename to src/runtime/utils/headers.ts index 1914d976..1e1d08dc 100644 --- a/src/headers.ts +++ b/src/runtime/utils/headers.ts @@ -1,8 +1,8 @@ -import { +import type { ContentSecurityPolicyValue, PermissionsPolicyValue, StrictTransportSecurityValue -} from './types/headers' +} from '../../types/headers' type SecurityHeaderNames = Record diff --git a/src/types/index.ts b/src/types/index.ts index 6be40128..c32564d8 100644 --- a/src/types/index.ts +++ b/src/types/index.ts @@ -1,6 +1,5 @@ import type { ModuleOptions as CsrfOptions } from 'nuxt-csurf' import type { Options as RemoveOptions } from 'unplugin-remove/types' - import type { SecurityHeaders } from './headers' import type { AllowedHTTPMethods, BasicAuth, CorsOptions, RateLimiter, RequestSizeLimiter, XssValidator } from './middlewares' @@ -22,6 +21,10 @@ export interface ModuleOptions { nonce: boolean; removeLoggers?: RemoveOptions | false; ssg?: Ssg; + /** + * enable runtime nitro hooks to configure some options at runtime + */ + runtimeHooks: boolean; } export interface NuxtSecurityRouteRules { @@ -32,3 +35,20 @@ export interface NuxtSecurityRouteRules { allowedMethodsRestricter?: AllowedHTTPMethods | false; nonce?: boolean; } + +export interface NuxtSecurityEventContext { + headers: Record | null +} + +declare module 'h3' { + interface H3EventContext { + security: NuxtSecurityEventContext + } +} + +declare module 'nitropack' { + interface NitroRuntimeHooks { + 'nuxt-security:headers': (route: string, headers: SecurityHeaders) => void + 'nuxt-security:ready': () => void + } +} \ No newline at end of file 
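Review bot: The `declare module 'h3'` block in src/types/index.ts types `H3EventContext.security` as always present, but module.ts only registers the plugin that assigns it when `security.runtimeHooks` is truthy, so any handler that trusts the type dereferences `undefined` when the option is off. Declare it as `security?: NuxtSecurityEventContext` and have middleware/headers.ts read `event.context.security?.headers`. The new `runtimeHooks: boolean` field is also required in `ModuleOptions`; no default for it is visible in this patch, so either add one to the default config or mark the field optional.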
diff --git a/test/fixtures/runtime-hooks/.nuxtrc b/test/fixtures/runtime-hooks/.nuxtrc new file mode 100644 index 00000000..3c8c6a11 --- /dev/null +++ b/test/fixtures/runtime-hooks/.nuxtrc @@ -0,0 +1 @@ +imports.autoImport=true \ No newline at end of file diff --git a/test/fixtures/runtime-hooks/app.vue b/test/fixtures/runtime-hooks/app.vue new file mode 100644 index 00000000..2b1be090 --- /dev/null +++ b/test/fixtures/runtime-hooks/app.vue @@ -0,0 +1,5 @@ + diff --git a/test/fixtures/runtime-hooks/nuxt.config.ts b/test/fixtures/runtime-hooks/nuxt.config.ts new file mode 100644 index 00000000..949a47a4 --- /dev/null +++ b/test/fixtures/runtime-hooks/nuxt.config.ts @@ -0,0 +1,21 @@ +import MyModule from '../../../src/module' + +export default defineNuxtConfig({ + modules: [ + MyModule + ], + routeRules:{ + '/test': { + headers: { + 'x-xss-protection': '1', + } + } + }, + security: { + nonce: false, + runtimeHooks: true, + headers: { + contentSecurityPolicy: false + } + } +}) diff --git a/test/fixtures/runtime-hooks/package.json b/test/fixtures/runtime-hooks/package.json new file mode 100644 index 00000000..6ed8c859 --- /dev/null +++ b/test/fixtures/runtime-hooks/package.json @@ -0,0 +1,5 @@ +{ + "private": true, + "name": "runtime-hooks", + "type": "module" +} diff --git a/test/fixtures/runtime-hooks/pages/index.vue b/test/fixtures/runtime-hooks/pages/index.vue new file mode 100644 index 00000000..138b204f --- /dev/null +++ b/test/fixtures/runtime-hooks/pages/index.vue @@ -0,0 +1,3 @@ + diff --git a/test/fixtures/runtime-hooks/server/api/runtime-hooks.ts b/test/fixtures/runtime-hooks/server/api/runtime-hooks.ts new file mode 100644 index 00000000..e64282c9 --- /dev/null +++ b/test/fixtures/runtime-hooks/server/api/runtime-hooks.ts @@ -0,0 +1,7 @@ +import { getResponseHeader } from "h3" + +export default defineEventHandler((event) => { + return { + csp: getResponseHeader(event, 'Content-Security-Policy') + } +}) \ No newline at end of file 
diff --git a/test/fixtures/runtime-hooks/server/plugins/headers.ts b/test/fixtures/runtime-hooks/server/plugins/headers.ts
new file mode 100644
index 00000000..8be1ad38
--- /dev/null
+++ b/test/fixtures/runtime-hooks/server/plugins/headers.ts
@@ -0,0 +1,9 @@
+export default defineNitroPlugin((nitroApp) => {
+ nitroApp.hooks.hook('nuxt-security:ready', () => {
+ nitroApp.hooks.callHook('nuxt-security:headers', '/api/runtime-hooks' ,{
+ contentSecurityPolicy: {
+ "script-src": ["'self'", "'unsafe-inline'", '*.azure.com'],
+ }
+ })
+ })
+})
\ No newline at end of file
diff --git a/test/runtime-hooks.test.ts b/test/runtime-hooks.test.ts
new file mode 100644
index 00000000..1cfd9e9b
--- /dev/null
+++ b/test/runtime-hooks.test.ts
@@ -0,0 +1,19 @@
+import { fileURLToPath } from 'node:url'
+import { describe, it, expect } from 'vitest'
+import { setup, fetch } from '@nuxt/test-utils'
+
+await setup({
+ rootDir: fileURLToPath(new URL('./fixtures/runtime-hooks', import.meta.url))
+})
+
+describe('[nuxt-security] runtime hooks', () => {
+ it('expect csp to be set by a runtime hook', async () => {
+ const res = await fetch('/api/runtime-hooks')
+ expect(await res.json()).toMatchInlineSnapshot(`
+ {
+ "csp": "script-src 'self' 'unsafe-inline' *.azure.com",
+ }
+ `)
+ expect(res.headers.get('Content-Security-Policy')).toMatchInlineSnapshot( '"script-src \'self\' \'unsafe-inline\' *.azure.com"')
+ })
+})
\ No newline at end of file
From da8461a5ff44bf6db2c2f2de0e9fddf75523f86a Mon Sep 17 00:00:00 2001
From: julien huang
Date: Sun, 19 Nov 2023 15:08:53 +0100
Subject: [PATCH 2/8] fix: allow setting false in override
---
 src/runtime/nitro/plugins/00-context.ts | 4 ++--
 src/runtime/server/middleware/headers.ts | 10 ++++++++--
 src/types/index.ts | 2 +-
 3 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/runtime/nitro/plugins/00-context.ts b/src/runtime/nitro/plugins/00-context.ts
index d822f616..586bdde8 100644
--- a/src/runtime/nitro/plugins/00-context.ts
+++ b/src/runtime/nitro/plugins/00-context.ts @@ -6,10 +6,10 @@ export default defineNitroPlugin((nitroApp) => { const router = createRouter() nitroApp.hooks.hook('nuxt-security:headers', (route, headersConfig) => { - const headers: Record = {} + const headers: Record = {} for (const [header, headerOptions] of Object.entries(headersConfig)) { - headers[SECURITY_HEADER_NAMES[header]] = getHeaderValueFromOptions(header as HeaderMapper, headerOptions as any) + headers[SECURITY_HEADER_NAMES[header]] = headerOptions === false ? false : getHeaderValueFromOptions(header as HeaderMapper, headerOptions as any) } router.insert(route, headers) diff --git a/src/runtime/server/middleware/headers.ts b/src/runtime/server/middleware/headers.ts index f77e8559..4c13c04b 100644 --- a/src/runtime/server/middleware/headers.ts +++ b/src/runtime/server/middleware/headers.ts @@ -1,7 +1,13 @@ -import { defineEventHandler, setHeaders } from '#imports' +import { defineEventHandler, setHeader, removeResponseHeader } from '#imports' export default defineEventHandler((event) => { if(event.context.security.headers) { - setHeaders(event, event.context.security.headers) + Object.entries(event.context.security.headers).forEach(([header, value]) => { + if(value === false) { + removeResponseHeader(event, header) + }else { + setHeader(event, header, value, ) + } + }) } }) \ No newline at end of file diff --git a/src/types/index.ts b/src/types/index.ts index c32564d8..0e130d24 100644 --- a/src/types/index.ts +++ b/src/types/index.ts @@ -37,7 +37,7 @@ export interface NuxtSecurityRouteRules { } export interface NuxtSecurityEventContext { - headers: Record | null + headers: Record | null } declare module 'h3' { From 72075812e4a7722f04eb2751dde697d1022266b6 Mon Sep 17 00:00:00 2001 
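Review bot: In the 00-context.ts hunk the rewritten assignment still uses `SECURITY_HEADER_NAMES[header]` as the property name without checking the result. A key that is not in that map (a typo, or a value coming from untyped configuration) presumably yields `undefined`, which becomes the literal property name `undefined`; the middleware would then set or remove a header of that name while the intended security header is silently left unchanged. Skip or warn on unknown keys, e.g. `const name = SECURITY_HEADER_NAMES[header]` followed by `if (!name) { continue }`. The `headerOptions as any` cast hides the same mismatch from the compiler, and the enclosing plugin starts outside this hunk.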
From: julien huang
Date: Sun, 19 Nov 2023 15:42:48 +0100
Subject: [PATCH 3/8] docs: update doc
---
 .../2.headers/15.runtimeConfiguration.md | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 docs/content/1.documentation/2.headers/15.runtimeConfiguration.md
diff --git a/docs/content/1.documentation/2.headers/15.runtimeConfiguration.md b/docs/content/1.documentation/2.headers/15.runtimeConfiguration.md
new file mode 100644
index 00000000..71d195d6
--- /dev/null
+++ b/docs/content/1.documentation/2.headers/15.runtimeConfiguration.md
@@ -0,0 +1,37 @@
+# Runtime configuration
+
+:badge[Optional]{type="warning"} The headers configuration at runtime
+
+---
+
+If you need to change the headers configuration at runtime, it is possible to do it through `nuxt-security:headers` hook.
+
+## Enabling the option
+
+This feature is optionnal, you can enable it with
+
+```ts
+export default defineNuxtConfig({
+ modules: ['nuxt-security'],
+ security: {
+ runtimeHooks: true
+ }
+})
+```
+
+## Usage
+
+Within your nitro plugin. You can override the previous configuration of a route with `nuxt-security:headers`.
+
+```ts
+export default defineNitroPlugin((nitroApp) => {
+ nitroApp.hooks.hook('nuxt-security:ready', () => {
+ nitroApp.hooks.callHook('nuxt-security:headers', '/**' ,{
+ contentSecurityPolicy: {
+ "script-src": ["'self'", "'unsafe-inline'"],
+ },
+ xFrameOptions: false
+ })
+ })
+})
+```
From 1827273a9063827b4a2e855f57e5c85ce36bfbbb Mon Sep 17 00:00:00 2001
From: julien huang
Date: Mon, 11 Dec 2023 22:53:15 +0100
Subject: [PATCH 4/8] feat: remove runtimeHook option and refactor to context object
---
 playground/server/plugins/headers.ts | 10 +++++++---
 src/module.ts | 16 +++++++---------
 src/runtime/nitro/plugins/00-context.ts | 2 +-
 src/types/index.ts | 15 ++++++++++-----
 .../runtime-hooks/server/plugins/headers.ts | 10 ++++++----
 5 files changed, 31 insertions(+), 22 deletions(-)
diff --git a/playground/server/plugins/headers.ts b/playground/server/plugins/headers.ts index fc95b676..a2cc10d4 100644 --- a/playground/server/plugins/headers.ts +++ b/playground/server/plugins/headers.ts @@ -1,9 +1,13 @@ export default defineNitroPlugin((nitroApp) => { nitroApp.hooks.hook('nuxt-security:ready', () => { - nitroApp.hooks.callHook('nuxt-security:headers', '/api/runtime-hooks' ,{ - contentSecurityPolicy: { - "script-src": ["'self'", "'unsafe-inline'"], + nitroApp.hooks.callHook('nuxt-security:headers', + { + route: '/api/runtime-hooks', + headers: { + contentSecurityPolicy: { + "script-src": ["'self'", "'unsafe-inline'"], + } } }) }) diff --git a/src/module.ts b/src/module.ts index 5bba7afa..f0d7ebe2 100644 --- a/src/module.ts +++ b/src/module.ts @@ -125,15 +125,13 @@ export default defineNuxtModule({ }) } - - if(nuxt.options.security.runtimeHooks) { - addServerPlugin(resolve(runtimeDir, 'nitro/plugins/00-context')) - addServerHandler({ - handler: normalize( - resolve(runtimeDir, 'server/middleware/headers') - ) - }) - } + + addServerPlugin(resolve(runtimeDir, 'nitro/plugins/00-context')) + addServerHandler({ + handler: normalize( + resolve(runtimeDir, 'server/middleware/headers') + ) + }) const allowedMethodsRestricterConfig = nuxt.options.security .allowedMethodsRestricter diff --git a/src/runtime/nitro/plugins/00-context.ts b/src/runtime/nitro/plugins/00-context.ts index e213f5cc..1d2bc5e1 100644 --- a/src/runtime/nitro/plugins/00-context.ts +++ b/src/runtime/nitro/plugins/00-context.ts @@ -6,7 +6,7 @@ import { OptionKey } from "~/src/module" export default defineNitroPlugin((nitroApp) => { const router = createRouter() - nitroApp.hooks.hook('nuxt-security:headers', (route, headersConfig) => { + nitroApp.hooks.hook('nuxt-security:headers', ({route, headers: headersConfig}) => { const headers: Record = {} for (const [header, headerOptions] of Object.entries(headersConfig)) { 
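Review bot: The `nuxt-security:headers` handler in 00-context.ts now destructures a single `{ route, headers }` argument, but the documentation example in this series (15.runtimeConfiguration.md, later moved into 3.usage.md) still calls the hook positionally as `callHook('nuxt-security:headers', '/**', { ... })`. A plugin copied from that example would hand the handler a string, `headers` would be undefined and `Object.entries` would throw inside the handler, so none of the runtime headers would be registered. Update the snippet to `callHook('nuxt-security:headers', { route: '/**', headers: { ... } })`. The module.ts hunk in this patch also drops the `runtimeHooks` gate, so the per-request lookup is installed for every application until PATCH 5/8 restores it.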
diff --git a/src/types/index.ts b/src/types/index.ts index 4497ebb0..9f5eb95b 100644 --- a/src/types/index.ts +++ b/src/types/index.ts @@ -22,10 +22,6 @@ export interface ModuleOptions { nonce: boolean; removeLoggers: RemoveOptions | false; ssg: Ssg | false; - /** - * enable runtime nitro hooks to configure some options at runtime - */ - runtimeHooks: boolean; sri: boolean } @@ -42,7 +38,16 @@ export type NuxtSecurityRouteRules = Pick void + 'nuxt-security:headers': (config: { + /** + * The route for which the headers are being configured + */ + route: string, + /** + * The headers configuration for the route + */ + headers: SecurityHeaders + }) => void 'nuxt-security:ready': () => void } } \ No newline at end of file diff --git a/test/fixtures/runtime-hooks/server/plugins/headers.ts b/test/fixtures/runtime-hooks/server/plugins/headers.ts index 8be1ad38..4ca49aac 100644 --- a/test/fixtures/runtime-hooks/server/plugins/headers.ts +++ b/test/fixtures/runtime-hooks/server/plugins/headers.ts @@ -1,8 +1,10 @@ -export default defineNitroPlugin((nitroApp) => { +export default defineNitroPlugin((nitroApp) => { nitroApp.hooks.hook('nuxt-security:ready', () => { - nitroApp.hooks.callHook('nuxt-security:headers', '/api/runtime-hooks' ,{ - contentSecurityPolicy: { - "script-src": ["'self'", "'unsafe-inline'", '*.azure.com'], + nitroApp.hooks.callHook('nuxt-security:headers', { + route: '/api/runtime-hooks', headers: { + contentSecurityPolicy: { + "script-src": ["'self'", "'unsafe-inline'", '*.azure.com'], + } } }) }) From a062371aa5b44c7b24f3fff1b7aca1d27ae62877 Mon Sep 17 00:00:00 2001 From: julien huang Date: Wed, 10 Jan 2024 19:44:03 +0100 Subject: [PATCH 5/8] revert: set bakc runtime hooks option --- src/module.ts | 16 +++++++++------- src/types/index.ts | 5 +++++ 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/src/module.ts b/src/module.ts index f0d7ebe2..5bba7afa 100644 --- a/src/module.ts +++ b/src/module.ts 
@@ -125,13 +125,15 @@ export default defineNuxtModule({ }) } - - addServerPlugin(resolve(runtimeDir, 'nitro/plugins/00-context')) - addServerHandler({ - handler: normalize( - resolve(runtimeDir, 'server/middleware/headers') - ) - }) + + if(nuxt.options.security.runtimeHooks) { + addServerPlugin(resolve(runtimeDir, 'nitro/plugins/00-context')) + addServerHandler({ + handler: normalize( + resolve(runtimeDir, 'server/middleware/headers') + ) + }) + } const allowedMethodsRestricterConfig = nuxt.options.security .allowedMethodsRestricter diff --git a/src/types/index.ts b/src/types/index.ts index 9f5eb95b..2071c689 100644 --- a/src/types/index.ts +++ b/src/types/index.ts @@ -22,6 +22,11 @@ export interface ModuleOptions { nonce: boolean; removeLoggers: RemoveOptions | false; ssg: Ssg | false; + /** + * enable runtime nitro hooks to configure some options at runtime + * Current configuration editable at runtime: headers + */ + runtimeHooks: boolean; sri: boolean } From 6acf660aa512e8b5511ed8b62888612aaf81dbe7 Mon Sep 17 00:00:00 2001 From: julien huang Date: Wed, 10 Jan 2024 19:48:33 +0100 Subject: [PATCH 6/8] fix: add type augmentation --- src/types/headers.ts | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/types/headers.ts b/src/types/headers.ts index d25d5c62..9e780251 100644 --- a/src/types/headers.ts +++ b/src/types/headers.ts @@ -243,3 +243,12 @@ export interface SecurityHeaders { xXSSProtection?: string | false; permissionsPolicy?: PermissionsPolicyValue | false; } + + +declare module 'h3' { + interface H3EventContext { + security: { + headers: SecurityHeaders + } + } +} \ No newline at end of file From c58491a204a60d920df7b419d855d6b7ad7b64ca Mon Sep 17 00:00:00 2001 From: julien huang Date: Wed, 10 Jan 2024 20:10:52 +0100 Subject: [PATCH 7/8] chore: lint --- src/runtime/server/middleware/headers.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
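Review bot: The augmentation added to src/types/headers.ts in PATCH 6/8 types `event.context.security.headers` as `SecurityHeaders`, which does not describe what the request hook in 00-context.ts stores there: a flattened map from response header name to a string or `false`, or whatever `router.lookup` returns when no route matches. Code relying on the declared type would read option keys such as `contentSecurityPolicy` that never exist at runtime and would skip the null case. src/types/index.ts earlier in this series already declares the same property as `NuxtSecurityEventContext`; if that declaration is still present after the rebase, two augmentations with different types for one property will not compile. Reuse `NuxtSecurityEventContext` here rather than declaring a second shape.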
diff --git a/src/runtime/server/middleware/headers.ts b/src/runtime/server/middleware/headers.ts
index 4c13c04b..bbe2880d 100644
--- a/src/runtime/server/middleware/headers.ts
+++ b/src/runtime/server/middleware/headers.ts
@@ -3,10 +3,10 @@ import { defineEventHandler, setHeader, removeResponseHeader } from '#imports'
 export default defineEventHandler((event) => {
 if(event.context.security.headers) {
 Object.entries(event.context.security.headers).forEach(([header, value]) => {
- if(value === false) {
+ if (value === false) {
 removeResponseHeader(event, header)
- }else {
- setHeader(event, header, value, )
+ } else {
+ setHeader(event, header, value)
 }
 })
 }
From 10c61614b6b40cc204b633e0edb0a389d1526b57 Mon Sep 17 00:00:00 2001
From: julien huang
Date: Wed, 10 Jan 2024 21:57:14 +0100
Subject: [PATCH 8/8] docs: move doc to usage
---
 .../1.getting-started/3.usage.md | 34 +++++++++++++++++
 .../2.headers/15.runtimeConfiguration.md | 37 -------------------
 2 files changed, 34 insertions(+), 37 deletions(-)
 delete mode 100644 docs/content/1.documentation/2.headers/15.runtimeConfiguration.md
diff --git a/docs/content/1.documentation/1.getting-started/3.usage.md b/docs/content/1.documentation/1.getting-started/3.usage.md
index 03309366..7a179157 100644
--- a/docs/content/1.documentation/1.getting-started/3.usage.md
+++ b/docs/content/1.documentation/1.getting-started/3.usage.md
@@ -169,3 +169,37 @@ export default defineNuxtConfig({
 }
 })
 ```
+
+## Runtime configuration
+
+If you need to change the headers configuration at runtime, it is possible to do it through `nuxt-security:headers` hook.
+
+### Enabling the option
+
+This feature is optional, you can enable it with
+
+```ts
+export default defineNuxtConfig({
+ modules: ['nuxt-security'],
+ security: {
+ runtimeHooks: true
+ }
+})
+```
+
+### Usage
+
+Within your nitro plugin. You can override the previous configuration of a route with `nuxt-security:headers`.
+
+```ts
+export default defineNitroPlugin((nitroApp) => {
+ nitroApp.hooks.hook('nuxt-security:ready', () => {
+ nitroApp.hooks.callHook('nuxt-security:headers', '/**' ,{
+ contentSecurityPolicy: {
+ "script-src": ["'self'", "'unsafe-inline'"],
+ },
+ xFrameOptions: false
+ })
+ })
+})
+```
diff --git a/docs/content/1.documentation/2.headers/15.runtimeConfiguration.md b/docs/content/1.documentation/2.headers/15.runtimeConfiguration.md
deleted file mode 100644
index 71d195d6..00000000
--- a/docs/content/1.documentation/2.headers/15.runtimeConfiguration.md
+++ /dev/null
@@ -1,37 +0,0 @@
-# Runtime configuration
-
-:badge[Optional]{type="warning"} The headers configuration at runtime
-
----
-
-If you need to change the headers configuration at runtime, it is possible to do it through `nuxt-security:headers` hook.
-
-## Enabling the option
-
-This feature is optionnal, you can enable it with
-
-```ts
-export default defineNuxtConfig({
- modules: ['nuxt-security'],
- security: {
- runtimeHooks: true
- }
-})
-```
-
-## Usage
-
-Within your nitro plugin. You can override the previous configuration of a route with `nuxt-security:headers`.
-
-```ts
-export default defineNitroPlugin((nitroApp) => {
- nitroApp.hooks.hook('nuxt-security:ready', () => {
- nitroApp.hooks.callHook('nuxt-security:headers', '/**' ,{
- contentSecurityPolicy: {
- "script-src": ["'self'", "'unsafe-inline'"],
- },
- xFrameOptions: false
- })
- })
-})
-```